Skip to content

feat(helm)!: Update Chart traefik (37.4.0 → 39.0.7)#1176

Open
pipelines-github-app[bot] wants to merge 1 commit intomainfrom
renovate/major-39-traefik-genmachine
Open

feat(helm)!: Update Chart traefik (37.4.0 → 39.0.7)#1176
pipelines-github-app[bot] wants to merge 1 commit intomainfrom
renovate/major-39-traefik-genmachine

Conversation

@pipelines-github-app
Copy link
Copy Markdown
Contributor

@pipelines-github-app pipelines-github-app bot commented Jan 24, 2026
edited
Loading

This PR contains the following updates:

Package Update Change
traefik (source) major 37.4.0 -> 39.0.7

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

traefik/traefik-helm-chart (traefik)

v39.0.7

Compare Source

🚀 Features

📦 Others

v39.0.6

Compare Source

🚀 Features

📦 Others

v39.0.5

Compare Source

🚀 Features

🐛 Bug fixes

📦 Others

v39.0.4

Compare Source

Upgrades Notes

[!IMPORTANT]
Traefik v3.6.9 comes with CRDs update. See UPGRADING instructions.

🚀 Features

🐛 Bug fixes

📦 Others

v39.0.3

Compare Source

[!WARNING]
This release does not support Traefik v3.6.9. Updated CRDs are missing. It's recommended to use v39.0.4 for Traefik v3.6.9

🚀 Features

🐛 Bug fixes

📦 Others

v39.0.2

Compare Source

🚀 Features

📦 Others

v39.0.1

Compare Source

🚀 Features

🐛 Bug fixes

📦 Others

New Contributors

Full Changelog: traefik/traefik-helm-chart@v39.0.0...v39.0.1

v39.0.0

Compare Source

Upgrade Notes

There are 3 breaking changes in this release:

  1. Traefik Hub: This release support only Traefik Hub v3.19.0+ versions.
    • CRDs has to be upgraded before the Chart. See UPGRADING instructions.
    • It's possible to use previous versions of the Chart for previous versions of Traefik Hub.
  2. Encoded Characters: Allowed by default in Traefik v3.6.7+ (opt-in security options, documentation)
  3. Ports Configuration: HTTP options now require explicit http nesting level with PR #​1603.
    • There is a before / after example in the PR description.

ℹ️ Schema validation has been enforced in this release. When it fails, it means that the parameter is not implemented.

💥 BREAKING CHANGES

🚀 Features

📦 Others

v38.0.2

Compare Source

Upgrades Notes

There is a breaking change on CRDs between Traefik Hub v3.18.0 and inferior and the CRDs of Traefik Hub v3.19.0+ preview versions (ea & rc).
With this release, we remove the CRDs of Traefik Hub v3.19.0 preview versions.

When Traefik Hub v3.19.0 is GA, we will release a new major version of this Chart that will only accept Traefik Hub v3.19.0+ versions.

🚀 Features

🐛 Bug fixes

📦 Others

New Contributors

Full Changelog: traefik/traefik-helm-chart@v38.0.1...v38.0.2

v38.0.1

Compare Source

🐛 Bug fixes

📦 Others

v38.0.0

Compare Source

Upgrades Notes

[!IMPORTANT]
CRDs has to be upgraded before the Chart. See UPGRADING instructions.

There are two breaking changes in this release:

  1. Traefik Proxy v3.6.4+ contains a security fix that is also a breaking change. See upstream documentation for more details.
  2. PR #​1596 align kubernetesIngressNginx provider setting with upstream. There is a before / after example in the PR description and PR #​1587 align labelSelector syntax between providers

[!NOTE]
If you need to restore Traefik behavior of v3.6.3 or inferior, it can be set with values.

Here is an example on websecure entrypoint:

ports:
  websecure:
    http:
      encodedCharacters:
        allowEncodedSlash: true
        allowEncodedBackSlash: true
        allowEncodedNullCharacter: true
        allowEncodedSemicolon: true
        allowEncodedPercent: true
        allowEncodedQuestionMark: true
        allowEncodedHash: true
      sanitizePath: false

This is not recommended, it may expose you to GHSA-gm3x-23wp-hc2c.

💥 BREAKING CHANGES

🚀 Features

🐛 Bug fixes

📦 Others

New Contributors

Full Changelog: traefik/traefik-helm-chart@v37.4.0...v38.0.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@pipelines-github-app pipelines-github-app bot added app/traefik Changes made to Traefik application env/genmachine Changes made in the Talos cluster renovate/helm Changes related to Helm Chart update type/major labels Jan 24, 2026
@pipelines-github-app
Copy link
Copy Markdown
Contributor Author

pipelines-github-app bot commented Jan 24, 2026
edited
Loading 

--- main/traefik_gitops_manifests_traefik_genmachine_manifest_main.yaml	2026-04-16 05:26:49.749638388 +0000
+++ pr/traefik_gitops_manifests_traefik_genmachine_manifest_pr.yaml	2026-04-16 05:26:49.114640267 +0000
@@ -1,517 +0,0 @@
----
-# Source: traefik/charts/traefik/templates/poddisruptionbudget.yaml
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
-  name: traefik
-  namespace: default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: traefik-default
-    helm.sh/chart: traefik-37.4.0
-    app.kubernetes.io/managed-by: Helm
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: traefik
-      app.kubernetes.io/instance: traefik-default
-  maxUnavailable: 1
----
-# Source: traefik/charts/traefik/templates/rbac/serviceaccount.yaml
-kind: ServiceAccount
-apiVersion: v1
-metadata:
-  name: traefik
-  namespace: default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: traefik-default
-    helm.sh/chart: traefik-37.4.0
-    app.kubernetes.io/managed-by: Helm
-  annotations:
-automountServiceAccountToken: false
----
-# Source: traefik/charts/traefik/templates/rbac/clusterrole.yaml
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: traefik-default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: traefik-default
-    helm.sh/chart: traefik-37.4.0
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - configmaps
-      - nodes
-      - services
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - discovery.k8s.io
-    resources:
-      - endpointslices
-    verbs:
-      - list
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-    verbs:
-      - get
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingressclasses
-      - ingresses
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingresses/status
-    verbs:
-      - update
-  - apiGroups:
-      - traefik.io
-    resources:
-      - ingressroutes
-      - ingressroutetcps
-      - ingressrouteudps
-      - middlewares
-      - middlewaretcps
-      - serverstransports
-      - serverstransporttcps
-      - tlsoptions
-      - tlsstores
-      - traefikservices
-    verbs:
-      - get
-      - list
-      - watch
----
-# Source: traefik/charts/traefik/templates/rbac/clusterrolebinding.yaml
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: traefik-default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: traefik-default
-    helm.sh/chart: traefik-37.4.0
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: traefik-default
-subjects:
-  - kind: ServiceAccount
-    name: traefik
-    namespace: default
----
-# Source: traefik/charts/traefik/templates/service-metrics.yaml
-apiVersion: v1
-kind: Service
-metadata:
-  name: traefik-metrics
-  namespace: default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: traefik-default
-    app.kubernetes.io/component: metrics
-    helm.sh/chart: traefik-37.4.0
-    app.kubernetes.io/managed-by: Helm
-  annotations:
-spec:
-  type: ClusterIP
-  selector:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: traefik-default
-  ports:
-  - port: 9100
-    name: metrics
-    targetPort: metrics
-    protocol: TCP
----
-# Source: traefik/charts/traefik/templates/service.yaml
-apiVersion: v1
-kind: Service
-metadata:
-  name: traefik
-  namespace: default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: traefik-default
-    helm.sh/chart: traefik-37.4.0
-    app.kubernetes.io/managed-by: Helm
-  annotations:
-spec:
-  type: LoadBalancer
-  selector:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: traefik-default
-  ipFamilyPolicy: PreferDualStack
-  ports:
-  - port: 80
-    name: web
-    targetPort: web
-    protocol: TCP
-  - port: 443
-    name: websecure
-    targetPort: websecure
-    protocol: TCP
----
-# Source: traefik/charts/traefik/templates/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: traefik
-  namespace: default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: traefik-default
-    helm.sh/chart: traefik-37.4.0
-    app.kubernetes.io/managed-by: Helm
-  annotations:
-spec:
-  replicas: 2
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: traefik
-      app.kubernetes.io/instance: traefik-default
-  strategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 0
-      maxSurge: 1
-  minReadySeconds: 0
-  template: 
-    metadata:
-      annotations:
-      labels:
-        app.kubernetes.io/name: traefik
-        app.kubernetes.io/instance: traefik-default
-        helm.sh/chart: traefik-37.4.0
-        app.kubernetes.io/managed-by: Helm
-    spec:
-      serviceAccountName: traefik
-      automountServiceAccountToken: true
-      terminationGracePeriodSeconds: 60
-      hostNetwork: false
-      containers:
-      - image: docker.io/traefik:v3.6.13
-        imagePullPolicy: IfNotPresent
-        name: traefik
-        resources:
-        readinessProbe:
-          httpGet:
-            path: /ping
-            port: 8080
-            scheme: HTTP
-          failureThreshold: 1
-          initialDelaySeconds: 2
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 2
-        livenessProbe:
-          httpGet:
-            path: /ping
-            port: 8080
-            scheme: HTTP
-          failureThreshold: 3
-          initialDelaySeconds: 2
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 2
-        lifecycle:
-        ports:
-        - name: metrics
-          containerPort: 9100
-          protocol: TCP
-        - name: traefik
-          containerPort: 8080
-          protocol: TCP
-        - name: web
-          containerPort: 8000
-          protocol: TCP
-        - name: websecure
-          containerPort: 8443
-          protocol: TCP
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-        volumeMounts:
-          - name: data
-            mountPath: /data
-          - name: tmp
-            mountPath: /tmp
-
-        args:
-          - "--entryPoints.metrics.address=:9100/tcp"
-          - "--entryPoints.traefik.address=:8080/tcp"
-          - "--entryPoints.web.address=:8000/tcp"
-          - "--entryPoints.websecure.address=:8443/tcp"
-          - "--api.dashboard=true"
-          - "--ping=true"
-          - "--metrics.addinternals"
-          - "--metrics.prometheus=true"
-          - "--metrics.prometheus.entrypoint=metrics"
-        
-        
-          - "--providers.kubernetescrd"
-          - "--providers.kubernetescrd.allowCrossNamespace=true"
-          - "--providers.kubernetescrd.allowExternalNameServices=true"
-          - "--providers.kubernetescrd.allowEmptyServices=true"
-          - "--providers.kubernetesingress"
-          - "--providers.kubernetesingress.allowExternalNameServices=true"
-          - "--providers.kubernetesingress.allowEmptyServices=true"
-          - "--providers.kubernetesingress.ingressendpoint.publishedservice=default/traefik"
-          - "--entryPoints.web.http.redirections.entryPoint.to=:443"
-          - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
-          - "--entryPoints.websecure.http.tls=true"
-          - "--log.level=TRACE"
-        
-        env:
-          - name: POD_NAME
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.name
-          - name: POD_NAMESPACE
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.namespace
-          - name: USER
-            value: traefik
-      volumes:
-        - name: data
-          emptyDir: {}
-        - name: tmp
-          emptyDir: {}
-      tolerations:
-        - key: CriticalAddonsOnly
-          operator: Exists
-        - effect: NoSchedule
-          key: node-role.kubernetes.io/control-plane
-          operator: Exists
-        - effect: NoSchedule
-          key: node-role.kubernetes.io/master
-          operator: Exists
-      priorityClassName: system-cluster-critical
-      securityContext:
-        runAsGroup: 65532
-        runAsNonRoot: true
-        runAsUser: 65532
----
-# Source: traefik/charts/traefik/templates/ingressclass.yaml
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
-  annotations:
-    ingressclass.kubernetes.io/is-default-class: "true"
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: traefik-default
-    helm.sh/chart: traefik-37.4.0
-    app.kubernetes.io/managed-by: Helm
-  name: traefik
-spec:
-  controller: traefik.io/ingress-controller
----
-# Source: traefik/templates/wildcard-genmachine.yaml
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: genmachine-wildcard
-spec:
-  commonName: '*.talos-genmachine.fredcorp.com'
-  dnsNames:
-    - 'talos-genmachine.fredcorp.com'
-    - '*.talos-genmachine.fredcorp.com'
-  issuerRef:
-    group: cert-manager.io
-    kind: ClusterIssuer
-    name: fredcorp-ca
-  secretName: genmachine-wildcard
----
-# Source: traefik/templates/extsecret-wildcard-cert.yaml
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: fredcorp-wildcard
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: admin
-    kind: ClusterSecretStore
-  target:
-    name: fredcorp-wildcard
-    creationPolicy: Owner
-    template:
-      type: kubernetes.io/tls
-      data:
-        tls.crt: '{{ .p12 | pkcs12cert  }}'
-        tls.key: '{{ .p12 | pkcs12key }}'
-  data:
-    - secretKey: p12
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: Base64
-        metadataPolicy: None
-        key: wildcard/fredcorp
-        property: p12
----
-# Source: traefik/templates/extsecret-wildcard-cert.yaml
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: k0s-fullstack-wildcard
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: admin
-    kind: ClusterSecretStore
-  target:
-    name: k0s-fullstack-wildcard
-    creationPolicy: Owner
-    template:
-      type: kubernetes.io/tls
-      data:
-        tls.crt: '{{ .p12 | pkcs12cert  }}'
-        tls.key: '{{ .p12 | pkcs12key }}'
-  data:
-    - secretKey: p12
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: Base64
-        metadataPolicy: None
-        key: wildcard/k0s-fullstack
-        property: p12
----
-# Source: traefik/templates/ingressRoute-dashboard.yaml
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: traefik-dashboard
-spec:
-  entryPoints:
-    - web
-    - websecure
-  routes:
-    - kind: Rule
-      match: Host(`traefik.talos-genmachine.fredcorp.com`)
-      middlewares:
-        - name: authentik
-          namespace: traefik
-      priority: 10
-      services:
-        - kind: TraefikService
-          name: api@internal
-          namespace: traefik
-    - kind: Rule
-      match: Host(`traefik.talos-genmachine.fredcorp.com`) && PathPrefix(`/outpost.goauthentik.io/`)
-      priority: 15
-      services:
-        - kind: Service
-          name: ak-outpost-authentik-embedded-outpost
-          namespace: authentik
-          port: 9000
----
-# Source: traefik/templates/auth-middleware.yaml
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: authentik
-spec:
-  forwardAuth:
-    # This address should point to the cluster endpoint provided by the kubernetes service, not the Ingress.
-    address: http://ak-outpost-authentik-embedded-outpost.authentik:9000/outpost.goauthentik.io/auth/traefik
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-entitlements
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version
-      - authorization
----
-# Source: traefik/templates/hsts-middleware.yaml
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: hsts
-spec:
-  headers:
-    stsSeconds: 31536000
-    stsIncludeSubdomains: true
-    stsPreload: true
-    forceSTSHeader: true
----
-# Source: traefik/charts/traefik/templates/servicemonitor.yaml
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: traefik
-  namespace: default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: traefik-default
-    app.kubernetes.io/component: metrics
-    helm.sh/chart: traefik-37.4.0
-    app.kubernetes.io/managed-by: Helm
-    release: prometheus
-spec:
-  jobLabel: traefik
-  endpoints:
-    - targetPort: metrics
-      path: /metrics
-  namespaceSelector:
-    matchNames:
-      - default
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: traefik
-      app.kubernetes.io/instance: traefik-default
-      app.kubernetes.io/component: metrics
----
-# Source: traefik/charts/traefik/templates/tlsstore.yaml
-apiVersion: traefik.io/v1alpha1
-kind: TLSStore
-metadata:
-  name: default
-  namespace: default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: traefik-default
-    helm.sh/chart: traefik-37.4.0
-    app.kubernetes.io/managed-by: Helm
-spec:
-  defaultCertificate:
-    secretName: genmachine-wildcard

@pipelines-github-app pipelines-github-app bot force-pushed the renovate/major-39-traefik-genmachine branch 4 times, most recently from cf74241 to 99d6583 Compare January 30, 2026 04:28
@pipelines-github-app pipelines-github-app bot force-pushed the renovate/major-39-traefik-genmachine branch 6 times, most recently from 3d5c9ab to 8d1ad3b Compare February 6, 2026 04:44
@pipelines-github-app pipelines-github-app bot force-pushed the renovate/major-39-traefik-genmachine branch 5 times, most recently from 4ffaf79 to 0c7975f Compare February 13, 2026 04:51
@pipelines-github-app pipelines-github-app bot changed the title feat(helm)!: Update Chart traefik (37.4.0 → 39.0.0) feat(helm)!: Update Chart traefik (37.4.0 → 39.0.1) Feb 14, 2026
@pipelines-github-app pipelines-github-app bot force-pushed the renovate/major-39-traefik-genmachine branch 6 times, most recently from 06f1cf1 to 35d83b0 Compare February 20, 2026 04:33
@pipelines-github-app pipelines-github-app bot changed the title feat(helm)!: Update Chart traefik (37.4.0 → 39.0.2) feat(helm)!: Update Chart traefik (37.4.0 → 39.0.4) Mar 6, 2026
@pipelines-github-app pipelines-github-app bot force-pushed the renovate/major-39-traefik-genmachine branch 3 times, most recently from 0aca455 to 6e89bce Compare March 7, 2026 04:20
@pipelines-github-app pipelines-github-app bot changed the title feat(helm)!: Update Chart traefik (37.4.0 → 39.0.4) feat(helm)!: Update Chart traefik (37.4.0 → 39.0.5) Mar 10, 2026
@pipelines-github-app pipelines-github-app bot force-pushed the renovate/major-39-traefik-genmachine branch 6 times, most recently from 870c58a to 3991f18 Compare March 15, 2026 05:03
@pipelines-github-app pipelines-github-app bot force-pushed the renovate/major-39-traefik-genmachine branch 4 times, most recently from 0652186 to 427cf9a Compare March 20, 2026 04:34
@pipelines-github-app pipelines-github-app bot changed the title feat(helm)!: Update Chart traefik (37.4.0 → 39.0.5) feat(helm)!: Update Chart traefik (37.4.0 → 39.0.6) Mar 21, 2026
@pipelines-github-app pipelines-github-app bot force-pushed the renovate/major-39-traefik-genmachine branch 7 times, most recently from 9d37f87 to 810c4b6 Compare March 27, 2026 05:04
@pipelines-github-app pipelines-github-app bot force-pushed the renovate/major-39-traefik-genmachine branch 3 times, most recently from aa389f4 to 0776684 Compare March 31, 2026 04:41
@pipelines-github-app pipelines-github-app bot changed the title feat(helm)!: Update Chart traefik (37.4.0 → 39.0.6) feat(helm)!: Update Chart traefik (37.4.0 → 39.0.7) Mar 31, 2026
@pipelines-github-app pipelines-github-app bot force-pushed the renovate/major-39-traefik-genmachine branch 2 times, most recently from 34cb29f to 63b7d0e Compare April 1, 2026 05:18
@pipelines-github-app @renovate-bot
feat(helm)!: Update Chart traefik (37.4.0 → 39.0.7)
d1622b4 
| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | traefik | 37.4.0 | 39.0.7 |


Co-authored-by: renovate[bot] <renovate@whitesourcesoftware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

app/traefik Changes made to Traefik application env/genmachine Changes made in the Talos cluster renovate/helm Changes related to Helm Chart update type/major

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants